With the continuous expansion of network scale ,2020 year IPFS One of the main focuses of is improving content routing . Although we are right DHT Significant improvements have been made to the request speed on (https://blog.ipfs.io/2020-07-20-dht-deep-dive/), But our other key focus is network security . In the release go-ipfs 0.5 In the previous work ,A-SIT and Graz University of science and Technology Bernd Prünster and Alexander Marsalek Contacted us , Tell us they're targeting go-ipfs 0.4.23 An attack found in the study of , This kind of attack can let the attacker eat the public with the least resources DHT Any node on . in the past 3 A small version of go-ipfs(0.5、0.6 and 0.7) in , We have always been with Bernd and Alexander Close cooperation , This allows us to release incremental improvements , Reduced their original attack , And it increases the cost and difficulty of such attacks by several orders of magnitude . Today we're going to delve into the attack and the various mitigation measures we've released . If you want to read a full paper ,“ All of the Eclipse Viruses —— disturb “ damage IPFS System ”, You can TU Graz Research portal to find it .
1. Ease the attack
Eclipse An attack is when an attacker isolates a peer from the rest of the network , The ability of a target peer to communicate only with peers controlled by an attacker . The target of this attack is to contaminate the target peer DHT Routing table , Make an attacker controlled peer exist . stay Bernd and Alexander In the attacks found , They use libp2p And a lot of pre generated Peer ID list , Created a Sybil attack , total 29TB The data of , To play libp2p The reputation system in , To take over the routing table .
If you are right about Sybil attack (https://en.wikipedia.org/wiki/Sybil_attack) Unfamiliar words , The principle is to use a single Peer A lot of pseudonyms ID To subvert the credibility system , To increase the influence on the Internet . In the context of this attack , false ID Eventually, the location of the honest peer will be replaced in the routing table of the affected peer .
To make this attack successful ,libp2p Some of the loopholes in have been exposed , And it eventually leads to this kind of attack in go-ipfs 0.4.23 It's very effective . When this attack was discovered ,libp2p One of the main problems is ,DHT There is no preference for longevity counterparts , It doesn't protect its counterpart in the lower barrel ( The peer of the other half of the network ). This problem allows attackers to quickly evict honest peers from the target's routing table , To support its dishonest counterpart . As go-ipfs 0.5 in DHT Part of the overhaul work , We changed the way entries in the routing table are managed . One of the major impact changes is , We will no longer evict available peers from the routing table . This plus we're in go-ipfs 0.5 Chinese vs DHT Other improvements made , It makes the execution of the attack more difficult by several orders of magnitude . You can IPFS 0.5 Content routing dig deep (https://blog.ipfs.io/2020-07-20-dht-deep-dive/) Read about DHT Detailed changes of .
except go-ipfs 0.5 Changes in , We also fixed a few problems , Further increases the difficulty and cost of this attack . Part of the reason for the success of the attack is that Sybil A node can play a valuable connected reputation system by abusing a defect in the way that it scores its peers as a relay . This defect can make a Sybil Nodes act as successors Sybil Peer relay , So as to continue to improve relay scores . This can use nested... For a single peer Sybils Get a lot of bad reputation quickly . To solve this problem , We applied a constant fraction to the relay , This allows us to still value them , But avoid them being able to exaggerate their reputation . By improving the integrity of the internal reputation system , We lowered Sybil The power of attack .
Another major change we've made to increase the cost of such attacks is the introduction of IP Diversity requires . The original go-ipfs 0.4.23 Attacks can be run on a single machine at a relatively low cost , Because the routing table may only contain peers from a single host . Now? ,IP Diversity requirements limit the number of peers from any host , This makes it impossible to perform an eclipse attack from a single machine , Further, the attack cost will be reduced from go-ipfs 0.5 Increased by more than two orders of magnitude .
2. Verify mitigation measures
As and Bernd and Alexander Part of the cooperation , We want to make sure that we can test and validate our fix correctly , We take two approaches .
Field test : With our permission , They launched a control attack on one of our managed bootstrap nodes on the public network . This allows us to collect real-time metrics and logs , Observe the effectiveness of the attack from our visibility and their external Observations . The controlled attack is in IPFS On each release before release , from go-ipfs 0.5 Start , This allows us to validate our fix in a production environment .
stay Testground Copy it on : because Testground(https://blog.ipfs.io/2020-05-06-launching-testground/) Development and release of , as well as Bernd and Alexander Share their attack code , We were able to create a test plan to replicate the various parts of the attack . This allows us to make large-scale test changes in a controlled test environment , Both verify that the attack is possible , And verify our mitigation measures . The benefit of having these test plans is , We can continue in IPFS and libp2p Run them on the version of , To make sure we don't introduce regression . Besides , This ensures that we can run the attack for a longer time in a controlled environment , To further analyze the effectiveness and cost of the attack .
3. Our situation today
This year , We are right. IPFS and libp2p We've made significant improvements in both performance and security , And cooperation is an important part of the success of this work .Bernd and Alexander Research done , And their willingness to work closely with us , To help us improve the stability of the network is very valuable . We appreciate the opportunity to work together . With 9 month go-ipfs 0.7(https://blog.ipfs.io/2020-09-24-go-ipfs-0-7-0/) Release , We are IPFS and libp2p On the implementation eclipse and Sybil Attacks are more difficult and costly than 0.4.23 Several orders of magnitude have been added to its predecessor .
If you haven't updated to go-ipfs 0.7, We suggest that you update as soon as possible , To take advantage of the full range of these improvements . Please check out go-ipfs 0.7 Update guide , Learn the details of how to update .